The people who questioned Google CEO Sundar Pichai in Congress are the same people in charge of creating legislation around cyber security. How can they pass laws on a subject about which they are woefully ignorant?

The government makes the regulations and enforces them, but in cybersecurity, there is no "standard" to meet. The goal posts are always moving, much to the advantage of each industry's established incumbents.

Cybersecurity must be your culture

You're going to get attacked. When you do, the government regulators will have to get involved. That's what happened when LabMD was attacked. Ten years later, LabMD CEO Michael Daugherty has a lot to teach corporate America.

CISO - The target is already on your back. When it happens, you are to blame by default, but cybersecurity is not one person or one department's job. It's everyone's job. Cybersecurity must be part of the culture.

HR - Your organization is made up of people. People make the decisions and take the actions that drive and ensure cyber security. Who is educating your people? Is it working?

Marketing - What message will you convey to your audience when you are attacked? "It's our fault", "We've known for months", "Here's what we know", or something else? How do you know what's right and what's wrong?

Legal - It's going to happen. Is your legal team up to speed on the current state of legal jurisprudence and case law for cybersecurity? Doug Meal is the best cybersecurity attorney in the country. Learn from him.

C-Suite - Culture starts at the top. Cybersecurity culture will also start - or stop - at the top. It's up to you to make sure your team knows what to do when it happens. Because it's going to happen.

Attend a cyber culture event in your city

Join our email list for informative, educational, practical, and useful information on how you can help drive a culture that embeds cybersecurity as a core value.